SSL Across Blackboard

One of the security settings recommended by Blackboard, Inc. is to apply SSL across the entire Blackboard application. Heretofore we have applied SSL only to Blackboard login, and not across the entire application. SSL stands for secure sockets layer, and is an encryption protocol that keeps your user id and password secret when logging in. An eavesdropper with the suitable software/hardware snooping devices could otherwise intercept your login information and login as you. You know that you are using an SSL enabled connection when you see the protocol https:// in the address bar of your browser:

Beginning today we are going to apply SSL across the entire Blackboard application, to be sure that your academic transactions are completely secure. There are two reasons we have not done this prior to this time: 1) The main reason has been that doing so caused some very unfortunate browser warnings to be thrown up when you attempt to address mixed content, i.e., external web content linked by professors from within courses, for example. The current crop of browsers have finally improved on this behavior and now IE9 is the only browser that throws a warning, and the message IE9 throws is much more civilized and non-threatening than that of IE8 and before. Here it is:

If the user clicks show all content it goes away and all is well. 2) The second reason we have not done this is that it is vanishingly unlikely that anyone would consider Palomar academic work within Blackboard to be worth the effort of intercepting and perhaps maliciously modifying. National defense it is not. It just seemed to us that the more reasonable course up to now was to leave things as they were since changing would have resulted in more confusion, frustration and ill-will. Finally, things have changed.

We only mention that we will be applying SSL across Blackboard because it might be an issue that professors need to address with their students. We are not trying to make life more difficult. It is just that browsers have matured to the point where the advantages of applying system-wide SSL now outweigh the disadvantages of a bunch of false, alarmist browser warnings. More a matter of psychology, perhaps, than technology.

If your students should ask about the warning when they click on your external (URL) links, just tell them to click the “Show all content” button, or suggest that they use a more reasonable browser than IE. The problem does not occur with the latest versions of Safari, Chrome or Firefox. IE continues to decline in market share compared to the other browsers, but remains the elephant in the room because of its historical connection to the windows OS. The sooner it is abandoned the better.

The other point to note with regard to SSL is that it generates a bit more system overhead, meaning that it will slow down Blackboard somewhat. What does “a bit” and “somewhat” mean? Frankly, we don’t know. We have no effective way to test the system under load. At this point of the semester I imagine the effect will be imperceptible, or barely perceptible. Our friends in the IS department are in the process of increasing Blackboard system resources, so even under the heaviest load in the future (at the start of a semester) we expect the conversion to full SSL will not be noticeable. Our final conclusion on this long-debated issue is that it is time to apply it to all aspects of Blackboard.